Secret and endpoint standardisation.
This PS moves keystone credentials to the endpoints section within the values.yaml, and also adds a 'secrets' key, allowing standardisation of secrets and credential management across OpenStack-Helm. Change-Id: I86a21e625afd822379ac11351603b2c606a3769f
parent
6f3f72f57e
commit
c221fa5248
@ -20,6 +20,25 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
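Review bot: The new `password` block copies `.Values.endpoints.identity.auth.user.password` into `.Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token`, so the service credential is written wherever that conf tree is rendered. The rendering target is outside this hunk; if it is a ConfigMap, the password sits outside the Secret objects this commit introduces and is readable by anyone who can read ConfigMaps in the namespace. I would confirm the target kind and add a comment above the block, e.g. `{{/* password lands in the rendered conf; deliver that file via a Secret */}}`. The cinder hunk at `@ -23,6 +23,25 @@` has the same block.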
@ -41,7 +41,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: barbican-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/barbican/barbican.conf
|
value: /etc/barbican/barbican.conf
|
||||||
|
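Review bot: The new `name: {{ .Values.secrets.oslo_db.admin }}` under `secretKeyRef` is emitted unquoted, so an empty, boolean-looking or all-digit override renders as a non-string or null and only fails when the Job is applied. `name: {{ .Values.secrets.oslo_db.admin | quote }}` keeps it a string, matching the `| quote` this commit already uses for `SERVICE_OS_ROLE`. The cinder hunk at `@ -43,7 +43,7 @@` and the `name: {{ $secretName }}` lines in the secret templates have the same form.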
@ -11,7 +11,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -48,7 +47,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
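Review bot: Dropping `$ksAdminSecret` means an existing `keystone.admin_secret` override is no longer read, and the default Secret name changes from `barbican-env-keystone-admin` to the value of `secrets.identity.admin` (`barbican-keystone-admin` in this commit's values). A deployment that overrode or pre-created the old Secret would, on upgrade, have this Job reference a different Secret with no error at render time. I would state this next to the `with` line, e.g. `{{/* Secret name now comes from .Values.secrets.identity.admin; keystone.admin_secret is no longer read */}}`. The next two Job sections (ks-service.sh, ks-user.sh) and the cinder Jobs make the same substitution.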
@ -11,7 +11,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -47,7 +46,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -10,8 +10,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "barbican-env-keystone-user" }}
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
@ -47,16 +45,16 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "barbican"
|
value: "barbican"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.barbican_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
||||||
|
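Review bot: Within the same `env:` list the admin lookup uses `$envAll.Values.secrets.identity.admin` while the user lookup and `SERVICE_OS_ROLE` use bare `.Values…`. Both resolve today because the argument of `with` is evaluated before the dot is rebound, but the mix invites a mistake if either line is later moved inside a `with` or `range` body. I would use `$envAll` throughout: `{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}` and `value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}`. The Job spec starts and ends outside these hunks.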
@ -11,20 +11,15 @@
|
|||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||||
|
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ .Values.keystone_secrets.stack }}
|
name: {{ $secretName }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
OS_AUTH_URL: |
|
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
{{- end }}
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }}
|
|
||||||
OS_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.heat.default.heat.common.config.stack_user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin_password | b64enc | indent 4 }}
|
|
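Review bot: The new `range` over `tuple "admin" "user"` has no comment saying that it renders one Secret per database user class, each holding a `DB_CONNECTION` URI (presumably with credentials, going by the `authenticated_endpoint_uri_lookup` helper name) under the name read from `.Values.secrets.oslo_db`. A short header such as `{{/* One Secret per oslo_db user class; name from .Values.secrets.oslo_db.<class> */}}` would help. It is also worth noting there that setting both names to the same value makes the two rendered documents collide. `cinder/templates/secret-db.yaml` contains the same loop.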
@ -1,32 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: barbican-env-keystone-admin
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
@ -1,32 +0,0 @@
|
|||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: barbican-env-keystone-user
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
|
@ -1,3 +1,5 @@
|
|||||||
|
# Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
#
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
# you may not use this file except in compliance with the License.
|
# you may not use this file except in compliance with the License.
|
||||||
# You may obtain a copy of the License at
|
# You may obtain a copy of the License at
|
||||||
@ -9,11 +11,15 @@
|
|||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||||
|
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: barbican-db-root
|
name: {{ $secretName }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
|
||||||
|
{{- end }}
|
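Review bot: `data:` is followed directly by `{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}`, and the left trim removes the newline after `data:`. The rendered Secret is therefore valid only if the snippet, which is not visible here, begins with a newline; otherwise its first key is emitted on the `data:` line. I would either drop the left trim or record the dependency, e.g. `{{/* keystone_secret_openrc must emit a leading newline: the left trim here removes the one after "data:" */}}`. `cinder/templates/secret-keystone.yaml` uses the same line.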
@ -45,22 +45,6 @@ network:
|
|||||||
enabled: false
|
enabled: false
|
||||||
port: 39486
|
port: 39486
|
||||||
|
|
||||||
keystone:
|
|
||||||
admin_user: "admin"
|
|
||||||
admin_user_domain: "default"
|
|
||||||
admin_password: "password"
|
|
||||||
admin_project_name: "admin"
|
|
||||||
admin_project_domain: "default"
|
|
||||||
admin_region_name: "RegionOne"
|
|
||||||
|
|
||||||
barbican_user: "barbican"
|
|
||||||
barbican_user_domain: "default"
|
|
||||||
barbican_user_role: "admin"
|
|
||||||
barbican_password: "password"
|
|
||||||
barbican_project_name: "service"
|
|
||||||
barbican_project_domain: "default"
|
|
||||||
barbican_region_name: "RegionOne"
|
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
db_init:
|
db_init:
|
||||||
services:
|
services:
|
||||||
@ -115,12 +99,6 @@ conf:
|
|||||||
auth_token:
|
auth_token:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
region_name: RegionOne
|
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
|
||||||
user_domain_name: default
|
|
||||||
username: barbican
|
|
||||||
password: password
|
|
||||||
database:
|
database:
|
||||||
oslo:
|
oslo:
|
||||||
db:
|
db:
|
||||||
@ -130,9 +108,34 @@ conf:
|
|||||||
config:
|
config:
|
||||||
bind_port: 9311
|
bind_port: 9311
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: barbican-keystone-admin
|
||||||
|
user: barbican-keystone-user
|
||||||
|
oslo_db:
|
||||||
|
admin: barbican-db-admin
|
||||||
|
user: barbican-db-user
|
||||||
|
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: barbican
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
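Review bot: The new `endpoints.identity.auth` block ships `password: password` for both the `admin` and `user` accounts and `role: admin` for the service user, so an install that does not override values creates known credentials holding the `admin` role. These defaults are carried over from the removed `keystone:` block, but the move is a good point to mark them, e.g. `# Placeholder credentials for development only; override auth.admin.password and auth.user.password per deployment.` above `auth:`. If the chart's minimum Helm version allows it, failing the render on an unset password would be stronger than shipping a default. The `endpoints:` mapping continues outside the hunk.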
@ -23,6 +23,25 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -14,7 +14,6 @@
|
|||||||
|
|
||||||
{{- if .Values.bootstrap.enabled }}
|
{{- if .Values.bootstrap.enabled }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -44,7 +43,7 @@ spec:
|
|||||||
command:
|
command:
|
||||||
- /tmp/bootstrap.sh
|
- /tmp/bootstrap.sh
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -43,7 +43,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: cinder-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/cinder/cinder.conf
|
value: /etc/cinder/cinder.conf
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -50,7 +49,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -49,7 +48,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -12,8 +12,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }}
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
@ -49,16 +47,16 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "cinder"
|
value: "cinder"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.cinder_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.tests }}
|
{{- $dependencies := .Values.dependencies.tests }}
|
||||||
{{- $mounts_cinder_tests := .Values.mounts.cinder_tests.cinder_tests }}
|
{{- $mounts_cinder_tests := .Values.mounts.cinder_tests.cinder_tests }}
|
||||||
{{- $mounts_cinder_tests_init := .Values.mounts.cinder_tests.init_container }}
|
{{- $mounts_cinder_tests_init := .Values.mounts.cinder_tests.init_container }}
|
||||||
@ -42,7 +41,7 @@ spec:
|
|||||||
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: RALLY_ENV_NAME
|
- name: RALLY_ENV_NAME
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: cinder-db-root
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
|
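--- a/cinder/templates/secret-db.yaml
+++ b/cinder/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}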
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: cinder-env-keystone-admin
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: cinder-env-keystone-user
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
|
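--- a/cinder/templates/secret-keystone.yaml
+++ b/cinder/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}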
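Review bot: The `index $envAll.Values.secrets.identity $userClass` lookup is used unchecked, so an override that drops the `admin` or `user` key renders `name:` with an empty value, and the failure only shows up when the manifest is applied. Failing at render time is clearer, for example `{{- $secretName := index $envAll.Values.secrets.identity $userClass | required "secrets.identity entry missing" }}` where the Helm version in use provides `required`. The name is also safer quoted, as `name: {{ $secretName | quote }}`. The same applies to glance/templates/secret-db.yaml (which indexes `secrets.oslo_db`) and glance/templates/secret-keystone.yaml further down the page.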
@ -67,15 +67,6 @@ bootstrap:
|
|||||||
group:
|
group:
|
||||||
volume_backend_name:
|
volume_backend_name:
|
||||||
|
|
||||||
keystone:
|
|
||||||
admin_user: "admin"
|
|
||||||
admin_user_domain: "default"
|
|
||||||
admin_password: "password"
|
|
||||||
admin_project_name: "admin"
|
|
||||||
admin_project_domain: "default"
|
|
||||||
admin_region_name: "RegionOne"
|
|
||||||
cinder_user_role: "admin"
|
|
||||||
|
|
||||||
network:
|
network:
|
||||||
api:
|
api:
|
||||||
ingress:
|
ingress:
|
||||||
@ -129,12 +120,6 @@ conf:
|
|||||||
auth_token:
|
auth_token:
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
auth_type: password
|
auth_type: password
|
||||||
region_name: RegionOne
|
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
|
||||||
user_domain_name: default
|
|
||||||
username: cinder
|
|
||||||
password: password
|
|
||||||
oslo_concurrency:
|
oslo_concurrency:
|
||||||
oslo:
|
oslo:
|
||||||
concurrency:
|
concurrency:
|
||||||
@ -235,12 +220,37 @@ dependencies:
|
|||||||
- service: volume
|
- service: volume
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: cinder-keystone-admin
|
||||||
|
user: cinder-keystone-user
|
||||||
|
oslo_db:
|
||||||
|
admin: cinder-db-admin
|
||||||
|
user: cinder-db-user
|
||||||
|
|
||||||
# We use a different layout of the endpoints here to account for versioning
|
# We use a different layout of the endpoints here to account for versioning
|
||||||
# this swaps the service name and type, and should be rolled out to other
|
# this swaps the service name and type, and should be rolled out to other
|
||||||
# services.
|
# services.
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: cinder
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
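Review bot: The new `endpoints.identity.auth` block ships `password: password` for both the `admin` and the `user` entry, so a deployment that misses an override runs with a well-known Keystone admin credential. The secret-keystone template added in this commit passes `admin` and `user` to a helm-toolkit snippet that presumably reads these entries, which would put the defaults straight into the rendered Secrets. I would add a comment above `auth:` such as `# Placeholder credentials for development only; override every password per deployment.` The glance values hunk (`@ -296,12 +274,37 @`) repeats the same defaults.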
@ -29,6 +29,44 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@ -66,6 +104,7 @@
|
|||||||
{{- tuple "image" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance.default.glance.api "public_endpoint" | quote | trunc 0 -}}
|
{{- tuple "image" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance.default.glance.api "public_endpoint" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
|
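Review bot: The added `password` fallbacks copy `.Values.endpoints.identity.auth.user.password` into the `auth_token` sections of `.Values.conf.glance` and `.Values.conf.glance_registry`, and the second hunk of this file shows that it declares a `kind: ConfigMap`. If that ConfigMap renders those conf sections (the rendering is outside the hunks), the service password is stored in a ConfigMap, which is normally readable more widely than a Secret and is not covered by Secret-specific protections such as encryption at rest. Since this commit standardises secret handling, the rendered config file that carries the password would fit better in a Secret mounted at the same path. The heat hunk (`@ -23,6 +23,54 @`) follows the same pattern and adds the trustee and stack-domain-admin passwords.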
@ -13,8 +13,8 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||||
|
---
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
@ -41,7 +41,7 @@ spec:
|
|||||||
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
|
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
command:
|
command:
|
||||||
|
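Review bot: The `with` line here reads `.Values.secrets.identity.admin`, while the ks-endpoints and ks-service jobs changed in the same commit use `$envAll.Values.secrets.identity.admin`. `$envAll` is already defined at the top of this file, so the line could read `{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}`. Both forms work today because the argument is evaluated before `with` rebinds `.`, but the `$envAll` form keeps working if the block is later moved inside a `range` or `with`. The ks-user and tests templates use the same bare `.Values` form. Removing `| default "glance-env-keystone-admin"` also means an existing `keystone.admin_secret` override is now silently ignored, which deserves a line in the commit message. The container spec continues outside the hunk.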
@ -43,7 +43,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: glance-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/glance/glance-api.conf
|
value: /etc/glance/glance-api.conf
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -50,7 +49,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
@ -11,10 +11,9 @@
|
|||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
|
---
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
@ -49,7 +48,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -11,11 +11,9 @@
|
|||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "glance-env-keystone-user" }}
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
|
---
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
@ -49,16 +47,16 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "glance"
|
value: "glance"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.glance_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.tests }}
|
{{- $dependencies := .Values.dependencies.tests }}
|
||||||
{{- $mounts_glance_tests := .Values.mounts.glance_tests.glance_tests }}
|
{{- $mounts_glance_tests := .Values.mounts.glance_tests.glance_tests }}
|
||||||
{{- $mounts_glance_tests_init := .Values.mounts.glance_tests.init_container }}
|
{{- $mounts_glance_tests_init := .Values.mounts.glance_tests.init_container }}
|
||||||
@ -42,7 +41,7 @@ spec:
|
|||||||
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: RALLY_ENV_NAME
|
- name: RALLY_ENV_NAME
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: glance-db-root
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
|
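--- a/glance/templates/secret-db.yaml
+++ b/glance/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}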
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: glance-env-keystone-admin
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: glance-env-keystone-user
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
|
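--- a/glance/templates/secret-keystone.yaml
+++ b/glance/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}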
@ -76,16 +76,6 @@ bootstrap:
|
|||||||
hypervisor_type: "qemu"
|
hypervisor_type: "qemu"
|
||||||
os_distro: "cirros"
|
os_distro: "cirros"
|
||||||
|
|
||||||
keystone:
|
|
||||||
admin_user: "admin"
|
|
||||||
admin_user_domain: "default"
|
|
||||||
admin_password: "password"
|
|
||||||
admin_project_name: "admin"
|
|
||||||
admin_project_domain: "default"
|
|
||||||
admin_region_name: "RegionOne"
|
|
||||||
glance_user_role: "admin"
|
|
||||||
|
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
rally_tests:
|
rally_tests:
|
||||||
override:
|
override:
|
||||||
@ -120,12 +110,6 @@ conf:
|
|||||||
auth_token:
|
auth_token:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
region_name: RegionOne
|
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
|
||||||
user_domain_name: default
|
|
||||||
username: glance
|
|
||||||
password: password
|
|
||||||
glance_store:
|
glance_store:
|
||||||
glance:
|
glance:
|
||||||
store:
|
store:
|
||||||
@ -151,12 +135,6 @@ conf:
|
|||||||
auth_token:
|
auth_token:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
region_name: RegionOne
|
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
|
||||||
user_domain_name: default
|
|
||||||
username: glance
|
|
||||||
password: password
|
|
||||||
|
|
||||||
network:
|
network:
|
||||||
api:
|
api:
|
||||||
@ -296,12 +274,37 @@ dependencies:
|
|||||||
- service: image
|
- service: image
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: glance-keystone-admin
|
||||||
|
user: glance-keystone-user
|
||||||
|
oslo_db:
|
||||||
|
admin: glance-db-admin
|
||||||
|
user: glance-db-user
|
||||||
|
|
||||||
# typically overriden by environmental
|
# typically overriden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
# required by this chart
|
# required by this chart
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: glance
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -23,6 +23,54 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.heat.trustee.heat.common.context.region_name -}}
|
||||||
|
{{- set .Values.conf.heat.trustee.heat.common.context "region_name" .Values.endpoints.identity.auth.trustee.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.trustee.heat.common.context.project_name -}}
|
||||||
|
{{- set .Values.conf.heat.trustee.heat.common.context "project_name" .Values.endpoints.identity.auth.trustee.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.trustee.heat.common.context.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.heat.trustee.heat.common.context "project_domain_name" .Values.endpoints.identity.auth.trustee.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.trustee.heat.common.context.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.heat.trustee.heat.common.context "user_domain_name" .Values.endpoints.identity.auth.trustee.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.trustee.heat.common.context.username -}}
|
||||||
|
{{- set .Values.conf.heat.trustee.heat.common.context "username" .Values.endpoints.identity.auth.trustee.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.trustee.heat.common.context.password -}}
|
||||||
|
{{- set .Values.conf.heat.trustee.heat.common.context "password" .Values.endpoints.identity.auth.trustee.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.heat.default.heat.common.config.stack_user_domain_name -}}
|
||||||
|
{{- set .Values.conf.heat.default.heat.common.config "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.default.heat.common.config.stack_domain_admin -}}
|
||||||
|
{{- set .Values.conf.heat.default.heat.common.config "stack_domain_admin" .Values.endpoints.identity.auth.stack_user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.heat.default.heat.common.config.stack_domain_admin_password -}}
|
||||||
|
{{- set .Values.conf.heat.default.heat.common.config "stack_domain_admin_password" .Values.endpoints.identity.auth.stack_user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
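Review bot: The `stack_user_domain_name` fallback reads `.Values.endpoints.identity.auth.stack_user.region_name`, which puts a region name into a domain-name option and looks like a copy-paste slip from the `region_name` blocks above it. If heat's `stack_user.region_name` follows the `RegionOne` default seen in the other charts, heat would be configured with a stack user domain called `RegionOne`. The `stack_user` entry of heat's values.yaml is not visible in this part of the page, so the `set` line should read from whichever key of `stack_user` holds the domain name. The template continues outside the hunk.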
@ -43,7 +43,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: heat-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/heat/heat.conf
|
value: /etc/heat/heat.conf
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -50,7 +49,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -49,7 +48,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -14,11 +14,7 @@
|
|||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone_secrets.user }}
|
|
||||||
# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user
|
# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user
|
||||||
{{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }}
|
|
||||||
{{- $ksStackUserSecret := .Values.keystone_secrets.stack }}
|
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
@ -52,21 +48,20 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "heat"
|
value: "heat"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.heat_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
- name: heat-ks-trustee-user
|
- name: heat-ks-trustee-user
|
||||||
image: {{ .Values.images.ks_user }}
|
image: {{ .Values.images.ks_user }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
command:
|
command:
|
||||||
- bash
|
|
||||||
- /tmp/ks-user.sh
|
- /tmp/ks-user.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
@ -74,21 +69,20 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "heat"
|
value: "heat"
|
||||||
{{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trustee }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.heat_trustee_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.trustee.role | quote }}
|
||||||
- name: heat-ks-domain-user
|
- name: heat-ks-domain-user
|
||||||
image: {{ .Values.images.ks_user }}
|
image: {{ .Values.images.ks_user }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
command:
|
command:
|
||||||
- bash
|
|
||||||
- /tmp/ks-domain-user.sh
|
- /tmp/ks-domain-user.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
@ -96,7 +90,7 @@ spec:
|
|||||||
subPath: ks-domain-user.sh
|
subPath: ks-domain-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
@ -104,25 +98,25 @@ spec:
|
|||||||
- name: SERVICE_OS_REGION_NAME
|
- name: SERVICE_OS_REGION_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ $ksStackUserSecret }}
|
name: {{ .Values.secrets.identity.stack_user }}
|
||||||
key: OS_REGION_NAME
|
key: OS_REGION_NAME
|
||||||
- name: SERVICE_OS_DOMAIN_NAME
|
- name: SERVICE_OS_DOMAIN_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ $ksStackUserSecret }}
|
name: {{ .Values.secrets.identity.stack_user }}
|
||||||
key: OS_DOMAIN_NAME
|
key: OS_DOMAIN_NAME
|
||||||
- name: SERVICE_OS_USERNAME
|
- name: SERVICE_OS_USERNAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ $ksStackUserSecret }}
|
name: {{ .Values.secrets.identity.stack_user }}
|
||||||
key: OS_USERNAME
|
key: OS_USERNAME
|
||||||
- name: SERVICE_OS_PASSWORD
|
- name: SERVICE_OS_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ $ksStackUserSecret }}
|
name: {{ .Values.secrets.identity.stack_user }}
|
||||||
key: OS_PASSWORD
|
key: OS_PASSWORD
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.heat_stack_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.stack_user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: heat-db-root
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
|
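--- a/heat/templates/secret-db.yaml
+++ b/heat/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}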
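Review bot: The `index $envAll.Values.secrets.oslo_db $userClass` lookup has no guard, so a values override that omits `secrets.oslo_db.admin` or `secrets.oslo_db.user` still renders a Secret, just without a usable `name:`, and the error only surfaces when the manifest is applied. If the Helm version in use provides `required`, failing at render time is clearer: `{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass | required "secrets.oslo_db entry missing" }}`. Emitting the name as `name: {{ $secretName | quote }}` would also keep an all-digit or boolean-looking override from being retyped by the YAML parser. The same pattern appears in keystone/templates/secret-db.yaml and in the `range` of heat/templates/secret-keystone.yaml.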
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.keystone_secrets.admin }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.keystone_secrets.trustee }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.heat_trustee_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.heat.trustee.heat.common.context.project_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.conf.heat.trustee.heat.common.context.project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.heat.trustee.heat.common.context.user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.heat.trustee.heat.common.context.username | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.heat.trustee.heat.common.context.password | b64enc | indent 4 }}
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.keystone_secrets.user }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
|
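--- a/heat/templates/secret-keystone.yaml
+++ b/heat/templates/secret-keystone.yaml
@@ -0,0 +1,37 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" "trustee" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $envAll.Values.secrets.identity.stack_user }}
+type: Opaque
+data:
+OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
+OS_REGION_NAME: {{ .Values.endpoints.identity.auth.stack_user.region_name | b64enc | indent 4 }}
+OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.stack_user.domain_name | b64enc | indent 4 }}
+OS_USERNAME: {{ .Values.endpoints.identity.auth.stack_user.username | b64enc | indent 4 }}
+OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc | indent 4 }}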
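Review bot: The `stack_user` Secret at the end of the file still pipes each single-line value through `indent 4`, a leftover from the removed block-scalar form (`OS_AUTH_URL: |` followed by an indented value). On one line it only pads the value with four spaces, and it differs from `helm-toolkit.snippets.keystone_secret_openrc`, which uses `| b64enc` alone. Dropping it, e.g. `OS_PASSWORD: {{ $envAll.Values.endpoints.identity.auth.stack_user.password | b64enc }}`, keeps the two secret forms consistent. The same block mixes `$envAll.Values` and `.Values`; using `$envAll` throughout keeps it correct if the block is ever moved inside the `range`.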
@ -64,29 +64,6 @@ termination_grace_period:
|
|||||||
cloudwatch:
|
cloudwatch:
|
||||||
timeout: 30
|
timeout: 30
|
||||||
|
|
||||||
keystone_secrets:
|
|
||||||
admin: "heat-env-keystone-admin"
|
|
||||||
user: "heat-env-keystone-user"
|
|
||||||
trustee: "heat-env-keystone-trustee"
|
|
||||||
stack: "heat-env-keystone-stack-user"
|
|
||||||
|
|
||||||
keystone:
|
|
||||||
admin_user: "admin"
|
|
||||||
admin_user_domain: "default"
|
|
||||||
admin_password: "password"
|
|
||||||
admin_project_name: "admin"
|
|
||||||
admin_project_domain: "default"
|
|
||||||
admin_region_name: "RegionOne"
|
|
||||||
|
|
||||||
heat_user_role: "admin"
|
|
||||||
|
|
||||||
heat_trustee_role: "admin"
|
|
||||||
heat_trustee_region_name: "RegionOne"
|
|
||||||
|
|
||||||
heat_stack_user_role: "admin"
|
|
||||||
heat_stack_region_name: "RegionOne"
|
|
||||||
|
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
paste:
|
paste:
|
||||||
override:
|
override:
|
||||||
@ -101,9 +78,6 @@ conf:
|
|||||||
heat:
|
heat:
|
||||||
common:
|
common:
|
||||||
config:
|
config:
|
||||||
stack_user_domain_name: heat
|
|
||||||
stack_domain_admin: heat-domain
|
|
||||||
stack_domain_admin_password: password
|
|
||||||
num_engine_workers: 4
|
num_engine_workers: 4
|
||||||
trusts_delegated_roles: _member_
|
trusts_delegated_roles: _member_
|
||||||
keystone_authtoken:
|
keystone_authtoken:
|
||||||
@ -111,24 +85,12 @@ conf:
|
|||||||
auth_token:
|
auth_token:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
region_name: RegionOne
|
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
|
||||||
user_domain_name: default
|
|
||||||
username: heat
|
|
||||||
password: password
|
|
||||||
trustee:
|
trustee:
|
||||||
heat:
|
heat:
|
||||||
common:
|
common:
|
||||||
context:
|
context:
|
||||||
auth_section: trustee
|
auth_section: trustee
|
||||||
auth_type: password
|
auth_type: password
|
||||||
password: password
|
|
||||||
user_domain_name: default
|
|
||||||
username: heat-trust
|
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
|
||||||
region_name: RegionOne
|
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
heat_api:
|
heat_api:
|
||||||
heat:
|
heat:
|
||||||
@ -249,12 +211,53 @@ dependencies:
|
|||||||
- service: identity
|
- service: identity
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: heat-keystone-admin
|
||||||
|
user: heat-keystone-user
|
||||||
|
trustee: heat-keystone-trustee
|
||||||
|
stack_user: heat-keystone-stack-user
|
||||||
|
oslo_db:
|
||||||
|
admin: heat-db-admin
|
||||||
|
user: heat-db-user
|
||||||
|
|
||||||
# typically overriden by environmental
|
# typically overriden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
# required by this chart
|
# required by this chart
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: heat
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
trustee:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: heat-trust
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
stack_user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: heat-trust
|
||||||
|
password: password
|
||||||
|
domain_name: heat
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
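Review bot: `endpoints.identity.auth.stack_user.username` is set to `heat-trust`, the same value as `auth.trustee.username`, while the removed `stack_domain_admin` default was `heat-domain`. This looks like a copy-paste slip that makes the stack-domain admin and the trustee share one account name; suggest `username: heat-domain` under `stack_user`. Related, the helper lines at the top of this view fill `stack_user_domain_name` from `stack_user.region_name`, although the `domain_name: heat` defined here appears to be the intended source (that hunk begins outside this view). All four accounts also ship with `password: password` and the three service accounts with `role: admin`, so a comment such as `# placeholder credentials: override per deployment` above `auth:` would make clear these defaults are not meant to reach a real cluster.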
||||||
|
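--- a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
+++ b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
@@ -0,0 +1,27 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- define "helm-toolkit.snippets.keystone_secret_openrc" }}
+{{- $userClass := index . 0 -}}
+{{- $identityEndpoint := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- $userContext := index $context.Values.endpoints.identity.auth $userClass }}
+OS_AUTH_URL: {{ tuple "identity" $identityEndpoint "api" $context | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
+OS_REGION_NAME: {{ $userContext.region_name | b64enc }}
+OS_PROJECT_DOMAIN_NAME: {{ $userContext.project_domain_name | b64enc }}
+OS_PROJECT_NAME: {{ $userContext.project_name | b64enc }}
+OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }}
+OS_USERNAME: {{ $userContext.username | b64enc }}
+OS_PASSWORD: {{ $userContext.password | b64enc }}
+{{- end }}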
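Review bot: The new `helm-toolkit.snippets.keystone_secret_openrc` template takes a positional tuple but has no comment saying what the three elements are, so a caller has to read the `index . 0` to `index . 2` lines to use it. A template comment above the `define` would cover it, for example `{{/* args: user class (key under endpoints.identity.auth), identity endpoint type, root context; emits base64-encoded OS_* keys for a Secret's data */}}`. The comment should also say that every `auth.<class>` entry must carry all six fields read here, because `b64enc` is applied to each one with no fallback and a missing or non-string value is not handled.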
@ -19,10 +19,10 @@ set -ex
|
|||||||
keystone-manage --config-file=/etc/keystone/keystone.conf db_sync
|
keystone-manage --config-file=/etc/keystone/keystone.conf db_sync
|
||||||
|
|
||||||
keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \
|
keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \
|
||||||
--bootstrap-username {{ .Values.keystone.admin_user }} \
|
--bootstrap-username ${OS_USERNAME} \
|
||||||
--bootstrap-password {{ .Values.keystone.admin_password }} \
|
--bootstrap-password ${OS_PASSWORD} \
|
||||||
--bootstrap-project-name {{ .Values.keystone.admin_project_name }} \
|
--bootstrap-project-name ${OS_PROJECT_NAME} \
|
||||||
--bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \
|
--bootstrap-admin-url ${OS_BOOTSTRAP_ADMIN_URL} \
|
||||||
--bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \
|
--bootstrap-public-url ${OS_BOOTSTRAP_PUBLIC_URL} \
|
||||||
--bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \
|
--bootstrap-internal-url ${OS_BOOTSTRAP_INTERNAL_URL} \
|
||||||
--bootstrap-region-id {{ .Values.keystone.admin_region_name }}
|
--bootstrap-region-id ${OS_REGION_NAME}
|
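Review bot: With `set -ex` in effect (visible in the hunk header), the new `--bootstrap-password ${OS_PASSWORD}` line is traced with the value expanded, so the admin password is written to the job's log output. The expansions are also unquoted, so a password containing spaces or glob characters is split or expanded before keystone-manage sees it. Quote every expansion, e.g. `--bootstrap-password "${OS_PASSWORD}" \`, and turn tracing off around the bootstrap call with `set +x` before it and `set -x` after it. The script begins outside this hunk, so any tracing changes made earlier in it are not visible here.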
||||||
|
@ -14,7 +14,6 @@
|
|||||||
|
|
||||||
{{- if .Values.bootstrap.enabled }}
|
{{- if .Values.bootstrap.enabled }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "keystone-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||||
{{- $mounts_keystone_bootstrap := .Values.mounts.keystone_bootstrap.keystone_bootstrap }}
|
{{- $mounts_keystone_bootstrap := .Values.mounts.keystone_bootstrap.keystone_bootstrap }}
|
||||||
{{- $mounts_keystone_bootstrap_init := .Values.mounts.keystone_bootstrap.init_container }}
|
{{- $mounts_keystone_bootstrap_init := .Values.mounts.keystone_bootstrap.init_container }}
|
||||||
@ -45,7 +44,7 @@ spec:
|
|||||||
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
|
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
command:
|
command:
|
||||||
|
@ -47,7 +47,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: keystone-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/keystone/keystone.conf
|
value: /etc/keystone/keystone.conf
|
||||||
|
@ -43,6 +43,16 @@ spec:
|
|||||||
cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }}
|
cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }}
|
||||||
memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }}
|
memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
env:
|
||||||
|
- name: OS_BOOTSTRAP_ADMIN_URL
|
||||||
|
value: {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||||
|
- name: OS_BOOTSTRAP_PUBLIC_URL
|
||||||
|
value: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||||
|
- name: OS_BOOTSTRAP_INTERNAL_URL
|
||||||
|
value: {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||||
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
|
{{- end }}
|
||||||
command:
|
command:
|
||||||
- /tmp/db-sync.sh
|
- /tmp/db-sync.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
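Review bot: `OS_BOOTSTRAP_PUBLIC_URL` is rendered from the `"internal"` endpoint lookup and `OS_BOOTSTRAP_INTERNAL_URL` from the `"public"` one, the reverse of what the script passed before this change, where `--bootstrap-public-url` used `"public"` and `--bootstrap-internal-url` used `"internal"`. As written, the bootstrap would register keystone's public and internal catalog URLs swapped. The public variable should read `value: {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}` and the internal one should use the `"internal"` form. Piping the three values through `| quote` would also match the `cpu:` and `memory:` lines in the same hunk.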
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "keystone-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.tests }}
|
{{- $dependencies := .Values.dependencies.tests }}
|
||||||
{{- $mounts_keystone_tests := .Values.mounts.keystone_tests.keystone_tests }}
|
{{- $mounts_keystone_tests := .Values.mounts.keystone_tests.keystone_tests }}
|
||||||
{{- $mounts_keystone_tests_init := .Values.mounts.keystone_tests.init_container }}
|
{{- $mounts_keystone_tests_init := .Values.mounts.keystone_tests.init_container }}
|
||||||
@ -42,7 +41,7 @@ spec:
|
|||||||
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: RALLY_ENV_NAME
|
- name: RALLY_ENV_NAME
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: keystone-db-root
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
|
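--- a/keystone/templates/secret-db.yaml
+++ b/keystone/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}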
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: keystone-env-keystone-admin
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
@ -11,11 +11,15 @@
|
|||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
{{- $envAll := . }}
|
||||||
|
{{- range $key1, $userClass := tuple "admin" }}
|
||||||
|
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: mistral-db-root
|
name: {{ $secretName }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
|
||||||
|
{{- end }}
|
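Review bot: The admin class is now rendered with the literal `"internal"` endpoint in `tuple $userClass "internal" $envAll`, whereas the removed `keystone-env-keystone-admin` template built `OS_AUTH_URL` from `tuple "identity" "admin" "admin"`. The body of `helm-toolkit.snippets.keystone_secret_openrc` is not shown on this page, so whether it still selects the admin endpoint for the admin class should be confirmed; if it uses the second tuple element as given, the admin openrc moves to the internal endpoint without any mention in the commit message. A comment above the include, for example `# admin openrc now authenticates against the internal identity endpoint`, would make the change explicit. magnum/templates/secret-keystone.yaml uses the same call for both of its classes.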
@ -48,14 +48,7 @@ termination_grace_period:
|
|||||||
timeout: 30
|
timeout: 30
|
||||||
|
|
||||||
keystone:
|
keystone:
|
||||||
version: v3
|
|
||||||
scheme: http
|
|
||||||
admin_region_name: RegionOne
|
|
||||||
admin_user: admin
|
|
||||||
admin_password: password
|
|
||||||
admin_project_name: admin
|
|
||||||
admin_user_domain: default
|
|
||||||
admin_project_domain: default
|
|
||||||
|
|
||||||
bootstrap:
|
bootstrap:
|
||||||
enabled: true
|
enabled: true
|
||||||
@ -194,12 +187,28 @@ conf:
|
|||||||
enabled: true
|
enabled: true
|
||||||
backend: dogpile.cache.memcached
|
backend: dogpile.cache.memcached
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: keystone-keystone-admin
|
||||||
|
oslo_db:
|
||||||
|
admin: keystone-db-admin
|
||||||
|
user: keystone-db-user
|
||||||
|
|
||||||
# typically overriden by environmental
|
# typically overriden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
# required by this chart
|
# required by this chart
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
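Review bot: The new `endpoints.identity.auth.admin` block keeps `password: password` as the chart default with no comment marking it as a placeholder, so a release installed without overrides would presumably carry that value into the admin Secret. Since this change defines the standard location for credentials, a comment above `auth:` such as `# Placeholder credentials: override username and password per environment` would state the expectation where operators look for it. The magnum values hunk later in the commit adds the same default for both `auth.admin` and `auth.user`, and gives the service user `role: admin`, which deserves the same comment there.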
|
@ -23,6 +23,25 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
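Review bot: The `if empty ... auth_token.password` guard (and the five blocks above it) lets an explicit `conf.magnum.keystone_authtoken` override win over `endpoints.identity.auth.user`, while the user Secret is no longer derived from the same conf values. The removed user Secret template read `username` and `password` from `.Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token`, so the service configuration and the Keystone account always matched; if `keystone_secret_openrc` reads the endpoints section instead (its body is not on this page), overriding only the conf value leaves the two out of step and the service fails to authenticate. A comment above these blocks, for example `# Credentials default from endpoints.identity.auth.user; override them there, not in conf`, would document that. The mistral hunk that adds the same six blocks is affected in the same way.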
|
@ -43,7 +43,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: magnum-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/magnum/magnum.conf
|
value: /etc/magnum/magnum.conf
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -50,7 +49,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -49,7 +48,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -12,8 +12,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "magnum-env-keystone-admin" }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "magnum-env-keystone-user" }}
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
@ -49,16 +47,16 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "magnum"
|
value: "magnum"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.magnum_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
||||||
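Review bot: The user-secret lookup is written as `.Values.secrets.identity.user` while the admin lookup a few lines above was changed to `$envAll.Values.secrets.identity.admin`, and `SERVICE_OS_ROLE` also reads `.Values` directly. Both forms resolve to the same values at this point in the template, but the file binds `$envAll` at the top, presumably so references stay valid inside `with` and `range` scopes, so I would write `{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}` for consistency. The mistral job hunk has the same mix. The Job spec starts and ends outside the hunk.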
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: magnum-db-root
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
|
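--- a/magnum/templates/secret-db.yaml
+++ b/magnum/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}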
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.keystone_secrets.admin }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.keystone_secrets.user }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
|
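--- a/magnum/templates/secret-keystone.yaml
+++ b/magnum/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}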
@ -17,7 +17,6 @@
|
|||||||
# Declare name/value pairs to be passed into your templates.
|
# Declare name/value pairs to be passed into your templates.
|
||||||
# name: value
|
# name: value
|
||||||
|
|
||||||
|
|
||||||
replicas:
|
replicas:
|
||||||
api: 1
|
api: 1
|
||||||
conductor: 1
|
conductor: 1
|
||||||
@ -52,20 +51,6 @@ termination_grace_period:
|
|||||||
api:
|
api:
|
||||||
timeout: 30
|
timeout: 30
|
||||||
|
|
||||||
keystone_secrets:
|
|
||||||
admin: "magnum-env-keystone-admin"
|
|
||||||
user: "magnum-env-keystone-user"
|
|
||||||
|
|
||||||
keystone:
|
|
||||||
admin_user: "admin"
|
|
||||||
admin_user_domain: "default"
|
|
||||||
admin_password: "password"
|
|
||||||
admin_project_name: "admin"
|
|
||||||
admin_project_domain: "default"
|
|
||||||
admin_region_name: "RegionOne"
|
|
||||||
|
|
||||||
magnum_user_role: "admin"
|
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
paste:
|
paste:
|
||||||
override:
|
override:
|
||||||
@ -146,12 +131,37 @@ dependencies:
|
|||||||
- service: identity
|
- service: identity
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: magnum-keystone-admin
|
||||||
|
user: magnum-keystone-user
|
||||||
|
oslo_db:
|
||||||
|
admin: magnum-db-admin
|
||||||
|
user: magnum-db-user
|
||||||
|
|
||||||
# typically overriden by environmental
|
# typically overriden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
# required by this chart
|
# required by this chart
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: magnum
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -22,6 +22,25 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -43,7 +43,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: mistral-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/mistral/mistral.conf
|
value: /etc/mistral/mistral.conf
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -50,7 +49,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -49,7 +48,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -12,8 +12,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "mistral-env-keystone-user" }}
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
@ -49,16 +47,16 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "mistral"
|
value: "mistral"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.mistral_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
||||||
|
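--- a/mistral/templates/secret-db.yaml
+++ b/mistral/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}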
@ -1,35 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: mistral-env-keystone-admin
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
||||||
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: mistral-env-keystone-user
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
|
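--- a/mistral/templates/secret-keystone.yaml
+++ b/mistral/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}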
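Review bot: `name: {{ $secretName }}` is emitted unquoted and unchecked, so a values override that drops `secrets.identity.admin` or `secrets.identity.user` renders a Secret with an empty or placeholder name instead of failing with a clear message. Where the Helm version in use provides `required`, I would validate at lookup time with `{{- $secretName := index $envAll.Values.secrets.identity $userClass | required "secrets.identity entry is missing" }}` and emit `name: {{ $secretName | quote }}`. The same pattern appears in neutron/templates/secret-db.yaml and neutron/templates/secret-keystone.yaml. `$key1` is never used, so `range $userClass := tuple "admin" "user"` would read more plainly.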
@ -17,7 +17,6 @@
|
|||||||
# Declare name/value pairs to be passed into your templates.
|
# Declare name/value pairs to be passed into your templates.
|
||||||
# name: value
|
# name: value
|
||||||
|
|
||||||
|
|
||||||
replicas:
|
replicas:
|
||||||
api: 1
|
api: 1
|
||||||
engine: 1
|
engine: 1
|
||||||
@ -56,26 +55,6 @@ termination_grace_period:
|
|||||||
api:
|
api:
|
||||||
timeout: 30
|
timeout: 30
|
||||||
|
|
||||||
keystone_secrets:
|
|
||||||
admin: "mistral-env-keystone-admin"
|
|
||||||
user: "mistral-env-keystone-user"
|
|
||||||
|
|
||||||
keystone:
|
|
||||||
admin_user: "admin"
|
|
||||||
admin_user_domain: "default"
|
|
||||||
admin_password: "password"
|
|
||||||
admin_project_name: "admin"
|
|
||||||
admin_project_domain: "default"
|
|
||||||
admin_region_name: "RegionOne"
|
|
||||||
|
|
||||||
mistral_user: "mistral"
|
|
||||||
mistral_user_domain: "default"
|
|
||||||
mistral_user_role: "admin"
|
|
||||||
mistral_password: "password"
|
|
||||||
mistral_project_name: "service"
|
|
||||||
mistral_project_domain: "default"
|
|
||||||
mistral_region_name: "RegionOne"
|
|
||||||
|
|
||||||
network:
|
network:
|
||||||
api:
|
api:
|
||||||
ingress:
|
ingress:
|
||||||
@ -150,12 +129,37 @@ dependencies:
|
|||||||
- service: identity
|
- service: identity
|
||||||
endpoint: internal
|
endpoint: internal
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: mistral-keystone-admin
|
||||||
|
user: mistral-keystone-user
|
||||||
|
oslo_db:
|
||||||
|
admin: mistral-db-admin
|
||||||
|
user: mistral-db-user
|
||||||
|
|
||||||
# typically overriden by environmental
|
# typically overriden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
# required by this chart
|
# required by this chart
|
||||||
endpoints:
|
endpoints:
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: mistral
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
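Review bot: The new `endpoints.identity.auth` block ships `password: password` as the default for both the `admin` and the `user` (mistral) account, so an install that forgets to override it comes up with guessable Keystone credentials, which are presumably then copied into the generated Secrets. Consider leaving both defaults empty and failing the render when they are unset, or at minimum adding a comment above `auth:` such as `# Development defaults only; override every password per environment`. The neutron values hunk later in this commit adds the same defaults.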
@ -33,6 +33,25 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
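Review bot: The added `set ... "password" .Values.endpoints.identity.auth.user.password` copies the Keystone service password into the `.Values.conf.neutron` tree, and only when the conf value is empty. Whatever template renders `conf.neutron` therefore now carries the credential (if that is a ConfigMap rather than a Secret, the password is readable by anyone who can read ConfigMaps in the namespace, which is worth confirming), and an operator who still sets the conf-level `password` gets a service config that can differ from what the `secrets.identity.user` Secret holds. A comment above the block stating that `endpoints.identity.auth.user` is the source of truth, or dropping the `if empty` guard for `username` and `password`, would remove the ambiguity. The same block is added for nova further down, and the enclosing template starts and ends outside this hunk.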
@ -34,7 +34,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: neutron-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/neutron/neutron.conf
|
value: /etc/neutron/neutron.conf
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -50,7 +49,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
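Review bot: With `$ksAdminSecret` removed, `dict "ksUserSecret" $envAll.Values.secrets.identity.admin` has no fallback: an existing override that still sets `keystone.admin_secret` is silently ignored, and a values file without the `secrets` key will presumably fail the render on a nil lookup or produce an empty secret name. A short upgrade note, or a guard such as `{{- $ksAdminSecret := $envAll.Values.secrets.identity.admin | required "secrets.identity.admin must be set" }}`, would make the break explicit. The same substitution is made in the ks-service, ks-user, tests and nova job hunks, which alternate between `$envAll.Values` and `.Values`; picking one form would keep the templates uniform. The Job spec continues outside both hunks.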
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -49,7 +48,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -12,8 +12,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "neutron-env-keystone-user" }}
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
@ -49,16 +47,16 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "neutron"
|
value: "neutron"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.neutron_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.tests }}
|
{{- $dependencies := .Values.dependencies.tests }}
|
||||||
{{- $mounts_neutron_tests := .Values.mounts.neutron_tests.neutron_tests }}
|
{{- $mounts_neutron_tests := .Values.mounts.neutron_tests.neutron_tests }}
|
||||||
{{- $mounts_neutron_tests_init := .Values.mounts.neutron_tests.init_container }}
|
{{- $mounts_neutron_tests_init := .Values.mounts.neutron_tests.init_container }}
|
||||||
@ -32,7 +31,7 @@ spec:
|
|||||||
- name: {{.Release.Name}}-token-issue-test
|
- name: {{.Release.Name}}-token-issue-test
|
||||||
image: {{ .Values.images.test }}
|
image: {{ .Values.images.test }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: RALLY_ENV_NAME
|
- name: RALLY_ENV_NAME
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: neutron-db-root
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
|
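--- a/neutron/templates/secret-db.yaml
+++ b/neutron/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}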
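Review bot: The loop now renders a `user` Secret as well as `admin`, so `authenticated_endpoint_uri_lookup` is called with `$userClass` set to `user`; the neutron values hunks in this commit add `secrets.oslo_db` but show no matching `endpoints.oslo_db.auth.user`, so it is worth confirming that entry already exists, otherwise the lookup presumably fails or renders a URI with empty credentials. Since `DB_CONNECTION` holds a full connection URI including the password, a header comment like `# Emits one Secret per oslo_db user class (admin, user); names come from .Values.secrets.oslo_db` would help readers see which credential ends up where.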
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: neutron-env-keystone-admin
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
|
@ -1,34 +0,0 @@
|
|||||||
# Copyright 2017 The Openstack-Helm Authors.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: neutron-env-keystone-user
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
OS_AUTH_URL: |
|
|
||||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
|
||||||
OS_REGION_NAME: |
|
|
||||||
{{ .Values.keystone.neutron_region_name | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.neutron_project_domain | b64enc | indent 4 }}
|
|
||||||
OS_PROJECT_NAME: |
|
|
||||||
{{ .Values.keystone.neutron_project_name | b64enc | indent 4 }}
|
|
||||||
OS_USER_DOMAIN_NAME: |
|
|
||||||
{{ .Values.keystone.neutron_user_domain | b64enc | indent 4 }}
|
|
||||||
OS_USERNAME: |
|
|
||||||
{{ .Values.keystone.neutron_user | b64enc | indent 4 }}
|
|
||||||
OS_PASSWORD: |
|
|
||||||
{{ .Values.keystone.neutron_password | b64enc | indent 4 }}
|
|
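--- a/neutron/templates/secret-keystone.yaml
+++ b/neutron/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}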
@ -134,23 +134,6 @@ network:
|
|||||||
metadata:
|
metadata:
|
||||||
port: 8775
|
port: 8775
|
||||||
|
|
||||||
keystone:
|
|
||||||
|
|
||||||
admin_user: "admin"
|
|
||||||
admin_user_domain: "default"
|
|
||||||
admin_password: "password"
|
|
||||||
admin_project_name: "admin"
|
|
||||||
admin_project_domain: "default"
|
|
||||||
admin_region_name: "RegionOne"
|
|
||||||
|
|
||||||
neutron_user: "neutron"
|
|
||||||
neutron_user_domain: "default"
|
|
||||||
neutron_user_role: "admin"
|
|
||||||
neutron_password: "password"
|
|
||||||
neutron_project_name: "service"
|
|
||||||
neutron_project_domain: "default"
|
|
||||||
neutron_region_name: "RegionOne"
|
|
||||||
|
|
||||||
metadata:
|
metadata:
|
||||||
workers: 4
|
workers: 4
|
||||||
|
|
||||||
@ -374,12 +357,6 @@ conf:
|
|||||||
auth_token:
|
auth_token:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
region_name: RegionOne
|
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
|
||||||
user_domain_name: default
|
|
||||||
username: neutron
|
|
||||||
password: password
|
|
||||||
ml2_conf:
|
ml2_conf:
|
||||||
override:
|
override:
|
||||||
append:
|
append:
|
||||||
@ -488,6 +465,14 @@ conf:
|
|||||||
override:
|
override:
|
||||||
append:
|
append:
|
||||||
|
|
||||||
|
# Names of secrets used by bootstrap and environmental checks
|
||||||
|
secrets:
|
||||||
|
identity:
|
||||||
|
admin: neutron-keystone-admin
|
||||||
|
user: neutron-keystone-user
|
||||||
|
oslo_db:
|
||||||
|
admin: neutron-db-admin
|
||||||
|
user: neutron-db-user
|
||||||
|
|
||||||
# typically overriden by environmental
|
# typically overriden by environmental
|
||||||
# values, but should include all endpoints
|
# values, but should include all endpoints
|
||||||
@ -548,6 +533,22 @@ endpoints:
|
|||||||
default: 6080
|
default: 6080
|
||||||
identity:
|
identity:
|
||||||
name: keystone
|
name: keystone
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
region_name: RegionOne
|
||||||
|
username: admin
|
||||||
|
password: password
|
||||||
|
project_name: admin
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
|
user:
|
||||||
|
role: admin
|
||||||
|
region_name: RegionOne
|
||||||
|
username: neutron
|
||||||
|
password: password
|
||||||
|
project_name: service
|
||||||
|
user_domain_name: default
|
||||||
|
project_domain_name: default
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -23,6 +23,25 @@
|
|||||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||||
|
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||||
|
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||||
|
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||||
|
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||||
|
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||||
|
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||||
{{- $mounts_nova_bootstrap := .Values.mounts.nova_bootstrap.nova_bootstrap }}
|
{{- $mounts_nova_bootstrap := .Values.mounts.nova_bootstrap.nova_bootstrap }}
|
||||||
{{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container }}
|
{{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container }}
|
||||||
@ -45,7 +44,7 @@ spec:
|
|||||||
command:
|
command:
|
||||||
- /tmp/bootstrap.sh
|
- /tmp/bootstrap.sh
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -43,7 +43,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: nova-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/nova/nova.conf
|
value: /etc/nova/nova.conf
|
||||||
@ -80,7 +80,7 @@ spec:
|
|||||||
- name: ROOT_DB_CONNECTION
|
- name: ROOT_DB_CONNECTION
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: nova-db-root
|
name: {{ .Values.secrets.oslo_db.admin }}
|
||||||
key: DB_CONNECTION
|
key: DB_CONNECTION
|
||||||
- name: OPENSTACK_CONFIG_FILE
|
- name: OPENSTACK_CONFIG_FILE
|
||||||
value: /etc/nova/nova.conf
|
value: /etc/nova/nova.conf
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -50,7 +49,7 @@ spec:
|
|||||||
subPath: ks-endpoints.sh
|
subPath: ks-endpoints.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SVC_ENDPOINT
|
- name: OS_SVC_ENDPOINT
|
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
@ -49,7 +48,7 @@ spec:
|
|||||||
subPath: ks-service.sh
|
subPath: ks-service.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: OS_SERVICE_NAME
|
- name: OS_SERVICE_NAME
|
||||||
|
@ -12,8 +12,6 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
|
||||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "nova-env-keystone-user" }}
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
@ -49,16 +47,16 @@ spec:
|
|||||||
subPath: ks-user.sh
|
subPath: ks-user.sh
|
||||||
readOnly: true
|
readOnly: true
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_SERVICE_NAME
|
- name: SERVICE_OS_SERVICE_NAME
|
||||||
value: "nova"
|
value: "nova"
|
||||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.keystone.nova_user_role | quote }}
|
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ks-user-sh
|
- name: ks-user-sh
|
||||||
configMap:
|
configMap:
|
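Review bot: The replaced lines in this template read `.Values.secrets.identity.admin`, `.Values.secrets.identity.user` and `.Values.endpoints.identity.auth.user.role` through the bare dot, although the file binds `$envAll := .` at the top and the ks-service job uses `$envAll.Values.secrets.identity.admin` for the same lookup. The bare dot is correct only while nothing between the top of the file and `env:` rebinds it, and that part of the spec lies outside the hunk. Writing `$envAll.Values.secrets.identity.admin` (and likewise for the user secret and the role) keeps the three templates uniform and makes the lookups independent of any enclosing `with`/`range`. The test pod's `dict "ksUserSecret" .Values.secrets.identity.admin` has the same form.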
||||||
|
@ -13,7 +13,6 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
|
||||||
{{- $dependencies := .Values.dependencies.tests }}
|
{{- $dependencies := .Values.dependencies.tests }}
|
||||||
{{- $mounts_nova_tests := .Values.mounts.nova_tests.nova_tests }}
|
{{- $mounts_nova_tests := .Values.mounts.nova_tests.nova_tests }}
|
||||||
{{- $mounts_nova_tests_init := .Values.mounts.nova_tests.init_container }}
|
{{- $mounts_nova_tests_init := .Values.mounts.nova_tests.init_container }}
|
||||||
@ -32,7 +31,7 @@ spec:
|
|||||||
- name: {{.Release.Name}}-token-issue-test
|
- name: {{.Release.Name}}-token-issue-test
|
||||||
image: {{ .Values.images.test }}
|
image: {{ .Values.images.test }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: RALLY_ENV_NAME
|
- name: RALLY_ENV_NAME
|
||||||
|
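--- a/nova/templates/secret-db-api.yaml
+++ b/nova/templates/secret-db-api.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db_api" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}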
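Review bot: `$secretName` goes straight into `metadata.name` with no check, so a values file that omits `secrets.oslo_db_api.admin` or `secrets.oslo_db_api.user` renders a Secret with an empty or placeholder name, and the mistake surfaces only when the API server rejects the manifest. Guarding the lookup makes it fail at render time with a clear message: `{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass | required "secrets.oslo_db_api entry missing" }}`. The loop also writes the admin-class connection URI as a Secret next to the user-class one. A header comment such as `# admin: database bootstrap jobs only; user: service pods` would record which workloads are meant to mount each, assuming that is the intended split. How `helm-toolkit.endpoints.authenticated_endpoint_uri_lookup` escapes reserved characters in the password is not visible on this page and is worth confirming, because `DB_CONNECTION` embeds the credential in the URI.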